Security of Home Assistant

As Home Assistant is like every other service or daemon that is running on a computer system that allows access over a network connection, certain measures were taken to increase the overall security while still staying operational.

Secure your installation once you’ve finished with the installation process regardless of your use case.

Home Assistant is NOT able to change the configuration of your router or firewall. This means that you need to setup port-forwarding and adjusting firewall rules if you want to allow access from the internet. By default your frontend and your Home Assistant add-ons like Mosquitto, SSH and your Samba shares are only accessible from your local network.

Server banner

Further details about the fingerprint/server banner of a Home Assistant instance are available.


The default port of Home Assistant is 8123. This is the port where the frontend and the API is served. Both are depending on the http integration which contains the capability to adjust the settings like server_host or server_port.


Home Assistant is following the Mozilla’s Operations Security team recommendations for Server side SSL/TLS settings. Home Assistant uses Modern compatibility by default. If an user wishes to use Intermediate compatibility, this is configurable in the http integration.


The SSH connection for debugging on port 22222 is not enabled by default and can only be used with keys.

If SSH is used with the SSH server add-on then the user is responsible for the configuration and security.

Source code

Due to the lack of resources we are not able to review all of our dependencies and inspect them for malicious behavior, leakage of information or compliance with GDPR. But we have a keen interest in the development of our dependencies and try to work closely with the upstream developer.